Created
February 21, 2019 20:16
-
-
Save robinlandstrom/b111240cd74ecab4d358f28b2d4fd8de to your computer and use it in GitHub Desktop.
Script to automatically add configration for a new peer to a wireguard server. It will then print a QR code to the console that can be used to add the config to the Android or OS X wireguard client.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
readonly INTERFACE="wg0" | |
# Generate peer keys | |
readonly PRIVATE_KEY=$(wg genkey) | |
readonly PUBLIC_KEY=$(echo ${PRIVATE_KEY} | wg pubkey) | |
readonly PRESHARED_KEY=$(wg genpsk) | |
# Read server key from interface | |
readonly SERVER_PUBLIC_KEY=$(wg show ${INTERFACE} public-key) | |
# Get next free peer IP (This will break after x.x.x.255) | |
readonly PEER_ADDRESS=$(wg show ${INTERFACE} allowed-ips | cut -f 2 | awk -F'[./]' '{print $1"."$2"."$3"."1+$4"/"$5}' | sort -t '.' -k 1,1 -k 2,2 -k 3,3 -k 4,4 -n | tail -n1) | |
# Add peer | |
wg set ${INTERFACE} peer ${PUBLIC_KEY} preshared-key <(echo ${PRESHARED_KEY}) allowed-ips ${PEER_ADDRESS} | |
# Logging | |
echo "Added peer ${PEER_ADDRESS} with public key ${PUBLIC_KEY}" | |
# Generate peer config QR code | |
cat << END_OF_CONFIG | qrencode -t ANSIUTF8 | |
[Interface] | |
Address = ${PEER_ADDRESS} | |
PrivateKey = ${PRIVATE_KEY} | |
DNS = 8.8.8.8 (Your internal DNS server here) | |
[Peer] | |
PublicKey = ${SERVER_PUBLIC_KEY} | |
PresharedKey = ${PRESHARED_KEY} | |
AllowedIPs = 0.0.0.0/0 | |
Endpoint = example.com:443 (Your external Wireguard endpoint here) | |
END_OF_CONFIG |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think that this line:
wg set ${INTERFACE} peer ${PUBLIC_KEY} preshared-key <(echo ${PRESHARED_KEY}) allowed-ips ${PEER_ADDRESS}
adds the client Peer info to the live configuration of the running server, which can be confirmed with
wg show
. It does not touch the persistent/etc/wireguard/wg0.conf
file by itself.If
SaveConfig = True
is set for the wg server, then when the wireguard${INTERFACE}
shuts down, the live config will be saved to/etc/wireguard/${INTERFACE}.conf
You can also manually export the live config to a file with
wg-quick save wg0
https://manpages.debian.org/unstable/wireguard-tools/wg.8.en.html
https://manpages.debian.org/unstable/wireguard-tools/wg-quick.8.en.html